Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/RITV3dDyfE08dul9I5ebeeGJDTg.roa
File:                     RITV3dDyfE08dul9I5ebeeGJDTg.roa (raw, json)
Hash identifier:          o65KW1w3EuBPV4xmW0UNMp+7bPVxNjstVh+5aWDVcgg=
Subject key identifier:   44:84:D5:DD:D0:F2:7C:4D:3C:76:E9:7D:23:97:9B:79:E1:89:0D:38
Certificate issuer:       /CN=5954b6183e459748c89ee5431b8f31de692ae3b7
Certificate serial:       0199C7ACDA3004DB28A1533A049950F6F90C
Authority key identifier: 59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/RITV3dDyfE08dul9I5ebeeGJDTg.roa
Signing time:             Thu 09 Oct 2025 06:33:38 +0000
ROA not before:           Thu 09 Oct 2025 06:33:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213060
IP address blocks:        212.11.4.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c7:ac:da:30:04:db:28:a1:53:3a:04:99:50:f6:f9:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5954b6183e459748c89ee5431b8f31de692ae3b7
        Validity
            Not Before: Oct  9 06:33:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4484d5ddd0f27c4d3c76e97d23979b79e1890d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:00:26:48:44:75:23:a4:be:d1:b9:e3:bd:26:
                    28:8e:c3:4a:1e:ab:e5:f9:19:54:3c:24:b2:63:0d:
                    91:a4:44:bb:b7:b7:6b:75:f8:cf:5e:b9:59:6c:fd:
                    cb:7a:99:37:70:dc:03:df:e8:d4:44:8f:77:95:47:
                    a2:af:e2:ae:09:2f:92:7f:c9:6b:14:21:2a:12:bf:
                    54:58:12:70:d7:68:12:d1:0f:7c:3c:16:68:97:29:
                    23:58:26:29:26:74:4b:af:16:fd:e3:4e:94:76:88:
                    93:2c:88:ba:bb:73:90:3a:bb:15:ff:4b:cf:cb:1e:
                    f2:f0:22:79:67:34:b4:e2:9d:f1:b4:0e:4b:90:ec:
                    7a:90:70:02:13:54:b1:17:b2:50:26:d5:d3:68:98:
                    c7:1e:2c:69:de:ac:d6:7a:e8:95:fe:cc:f9:4b:0f:
                    2d:1b:7f:5b:8c:c5:7d:2e:5b:12:48:a5:f8:52:70:
                    fd:01:7f:dc:a9:30:fc:b3:bd:5a:89:fd:44:e5:f5:
                    aa:bf:28:b6:e2:ac:41:04:44:c3:d5:b7:03:b5:93:
                    62:81:ed:2b:0d:32:b8:bc:12:26:f0:77:f6:9c:20:
                    dd:31:2d:33:57:cf:91:bf:df:91:6b:43:6e:71:06:
                    20:f0:35:14:8c:cd:ec:5c:63:84:64:6c:31:d2:6d:
                    61:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:84:D5:DD:D0:F2:7C:4D:3C:76:E9:7D:23:97:9B:79:E1:89:0D:38
            X509v3 Authority Key Identifier:
                keyid:59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/RITV3dDyfE08dul9I5ebeeGJDTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.11.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         93:52:04:c4:73:da:81:6a:98:98:6d:ed:89:1f:61:5d:76:83:
         cb:b1:8a:36:89:3e:05:14:68:cf:d3:e3:10:a1:45:b3:ba:a8:
         6d:f9:f5:9e:65:2d:2d:be:58:6e:db:9c:e2:83:67:4b:a0:5f:
         41:e6:48:f8:e4:45:b0:f3:a5:f0:87:b0:8a:6a:06:ee:cb:40:
         55:5d:47:6d:c3:0a:14:75:30:9d:66:b6:89:91:7e:f2:f3:af:
         d9:14:d5:9e:fd:77:25:80:9f:f1:07:d9:c2:1b:75:f3:91:a7:
         41:53:c9:85:7f:6f:e2:6d:8a:b1:9c:ee:2e:a9:70:fd:16:f1:
         af:fa:08:f9:ab:fa:59:22:e9:58:b7:d3:7a:98:c4:a3:13:b8:
         ce:cc:33:bc:f4:52:c4:4b:13:5a:df:f5:06:89:aa:f7:ee:fc:
         f6:d5:bb:08:63:67:d0:df:1e:76:2f:57:2f:a3:c0:eb:dd:63:
         54:7d:a1:ed:4b:b3:49:29:a6:ec:f6:47:0d:db:4e:1a:4a:6f:
         77:8b:a6:fb:22:c8:e2:9f:47:a0:de:de:6c:27:8d:48:fc:af:
         d8:5c:72:d8:39:ed:76:37:93:ad:a8:e0:bb:07:7a:1e:20:da:
         46:ab:63:ce:f8:3d:f5:47:e3:7a:eb:39:b0:2a:f8:5a:49:91:
         51:c9:f2:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnHrNowBNsooVM6BJlQ9vkMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NTRiNjE4M2U0NTk3NDhjODllZTU0MzFiOGYzMWRlNjky
YWUzYjcwHhcNMjUxMDA5MDYzMzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDg0ZDVkZGQwZjI3YzRkM2M3NmU5N2QyMzk3OWI3OWUxODkwZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAAmSER1I6S+0bnjvSYojsNKHqvl
+RlUPCSyYw2RpES7t7drdfjPXrlZbP3Lepk3cNwD3+jURI93lUeir+KuCS+Sf8lr
FCEqEr9UWBJw12gS0Q98PBZolykjWCYpJnRLrxb9406UdoiTLIi6u3OQOrsV/0vP
yx7y8CJ5ZzS04p3xtA5LkOx6kHACE1SxF7JQJtXTaJjHHixp3qzWeuiV/sz5Sw8t
G39bjMV9LlsSSKX4UnD9AX/cqTD8s71aif1E5fWqvyi24qxBBETD1bcDtZNige0r
DTK4vBIm8Hf2nCDdMS0zV8+Rv9+Ra0NucQYg8DUUjM3sXGOEZGwx0m1hrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESE1d3Q8nxNPHbpfSOXm3nhiQ04MB8GA1UdIwQY
MBaAFFlUthg+RZdIyJ7lQxuPMd5pKuO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMt
ZDJhZGVlZDc1NWQ4LzEvUklUVjNkRHlmRTA4ZHVsOUk1ZWJlZUdKRFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMtZDJhZGVlZDc1NWQ4
LzEvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1AsEMA0G
CSqGSIb3DQEBCwUAA4IBAQCTUgTEc9qBapiYbe2JH2FddoPLsYo2iT4FFGjP0+MQ
oUWzuqht+fWeZS0tvlhu25zig2dLoF9B5kj45EWw86Xwh7CKagbuy0BVXUdtwwoU
dTCdZraJkX7y86/ZFNWe/XclgJ/xB9nCG3XzkadBU8mFf2/ibYqxnO4uqXD9FvGv
+gj5q/pZIulYt9N6mMSjE7jOzDO89FLESxNa3/UGiar37vz21bsIY2fQ3x52L1cv
o8Dr3WNUfaHtS7NJKabs9kcN204aSm93i6b7Isjin0eg3t5sJ41I/K/YXHLYOe12
N5OtqOC7B3oeINpGq2PO+D31R+N66zmwKvhaSZFRyfKi
-----END CERTIFICATE-----